My home email software has a spam folder where unwanted emails go to die – eventually. I must deliberately choose to send an email to the spam folder. Then, I must decide whether let it remain in perpetual limbo as spam, block it, or delete it.

Imagine the number of emails routinely sent and received by most law firms. My computer’s email setup would not be practical. But, when it comes to email configuration, there are good choices and bad ones. A Florida law firm rejected recommended safeguards to snag spam and allow someone, other than the computer, to decide whether to delete the email. That decision, along with others, turned out to be a bad call.

Here are the facts. The trial court’s court clerk served an order by email on the parties. The order awarded a significant amount of attorney fees to the appellee. The appellant claimed it did not receive the emailed order, which is why it failed timely to file an appeal. What happened? The firm’s email system automatically deleted the court clerk’s email and attached order as spam.

The appellant appealed and asked the court to vacate the original order and reenter the order to allow the appellant to appeal. Its email deletion error was “excusable neglect.” Not so said that trial court, and the Florida’s First District Court of Appeal affirmed.

The appellate court gave several specific reasons for rejecting the appellant’s argument. First, the review of the court clerk’s email logs confirmed that the email with the court’s order was served and received by the law firm’s server. Second, the law firm’s email configuration made it impossible to determine whether the firm’s server received the email. Third, the law firm’s former IT specialist’s advice against this configuration flaw was deliberately rejected by the law firm because its alternative cost more money.

The trial court concluded the law firm made a conscious decision to use a defective email configuration merely to save money, which was not “excusable neglect.”

Another nail in the coffin was testimony by the appellee’s attorney. His firm assigned a paralegal to check the court’s website every three weeks to safeguard that his firm would not miss any orders or deadlines. The court held that the appellant had a duty to check the court’s electronic docket.

What’s the moral here? Lawyers must configure their computer systems to prevent this costly error. And they must employ a “meaningful procedure” to prevent the series of events that caused this fatal error.

I rather liked the idea of the paralegal assigned to check the court’s online file. In this instance, the paralegal checked it every three weeks. I would modify this depending on the notice time required by your court’s rules.

I recommend reading the entire opinion for its analysis on “excusable neglect.” You can find the opinion here:http://bit.ly/2xI3gGB. -CCE

I admit that one of the things I like about working as a paralegal is that I never know exactly what will happen every day. I may have a mental list of target goals I want to accomplish that day. I may even get to start on at least one. But, emails, telephone calls, co-workers, demands of your clients, and unexpected and last-minute assignments often interrupt my work day. It’s what I call a normal day at the office.

I rely on checklists and our office software to keep me apprised of upcoming deadlines and when an average project has turned into a critical one. Prioritizing what comes first can be a challenge. But the biggest challenge I face is interruptions and distractions that eat away at my productivity.

If you have your own office, you can shut your door. If office drama occurs, heading back to your assigned work area and focusing on anything but the uproar is always the best policy.

But, remember that this door swings both ways. If you have no door to shut or share space with someone else, you must remember that you are not alone. Whenever you talk on the phone, mumble to yourself (I often talk to my computer as if it will pay attention to my demands), or make unnecessary noise, YOU have become the distraction.

Checklists work best for me to be prioritize my work load and make sure that nothing falls through the cracks. Your case management software might have built-in checklists you can use. If not, write your own. What works for me may not work for you. Regardless of your method, be faithful and turn it into a habit rather than a chore. -CCE

Regardless of whether you are a lawyer or legal professional, if you have been out there for a while, you have run into a “bad” boss. They are described in different ways – bully, perfectionist, bi-polar, belittling, and just plain unpleasant – but they are all accomplish at least one thing. They chase off good employees, and make an associates’ and staff’s miserable.

Many rules in a law office may not make sense to the uninitiated. Usually strict rules accompanied with micro-management are a red flag. New hires will likely inherit left over residue from a former employee who abused the rules so badly and frequently that management adopted more restrictive rules. It doesn’t matter that the bad apple is no longer there. New employees are stuck with jumping through the hoop actually designed for a former employee.

If you are interviewing and the office manager asks whether you mind working with difficult people, that is clearly a red flag. Ask why a position is open. Often, when all other things are equal, someone who works for a good boss rarely leaves a job.

If you have a boss who is truly making you miserable or has made it clear you are as far up the ladder as you will go, it doesn’t hurt to polish up your resume and stick your toe in the water. As a good friend once said that, when it comes to job hunting, you can always shop but you don’t have to buy.

If you have found that the nice prospective boss in the interview has turned into an extremely difficult tyrant, of course you have options. But, to be on the safe side, you may want to polish your resume and start putting out feelers. There is a difference between positive stress and the extremely destructive kind. Before this boss has destroyed any self-confidence you have left, get out of there.

Happily, not all attorney supervisors believe that intimidation and abusive behavior is the best way to encourage quality work and employees. Some people even thing that positive reinforcement, team work, and mutual respect and consideration actually improve employee performance and enhance the firm’s overall quality. What a concept! – CCE

In the movie Glengarry Glen Ross, Blake is a trainer sent by corporate to motivate a sales team. In addition to offering helpful gems like the acronym ABC to remind the salesmen that they should ‘always be closing,’ he repeatedly berates them and calls them names while bragging about his own success. He tells the team about a new sales competition that week: First place gets a Cadillac, second place gets a set of steak knives, and third place gets fired.

We hope you have never had a boss like Blake, but it’s likely that you recognize shades of his character in past managers, coworkers, or even a current manager in your organization. You want managers to push employees to do good work and get the best results for the company, but it can be hard to know how far is too far. During his ‘motivational’ speech, Blake asks one salesman, ‘You think this is abuse?’ As it turns out, it just might be, and this could be a new frontier in employee claims.

[H]ere’s a list culled from feedback from solos and small firm lawyers and administrators, my own experience, and lots of research, that will help to optimize the day-to-day management and growth of your practice. . . .

Evernote has so much potential. I have barely scratched the surface. This is a tool I definitely want to use and know more about. -CCE

Evernote is more than a note-taking application. We use it to store ideas, recordings, projects, tasks, images…The list is as comprehensive as we want it to be. Evernote allows us to offload our brain and organize our lives.

And how do lawyers use Evernote? I asked a few Evernote-loving lawyers. Here are their stories.

In the old days before laptops and other digital devices were the norm, we took notes by hand. When I took notes rather than observing and listening in a hearing, meeting, or at trial, I thought it helped me to notice more details that stuck in my memory. I have not had the opportunity to use a laptop or other digital device to take notes. I cannot say whether handwriting or typing improve memory retention. But it is an interesting idea. -CCE

Effective client intake and law firm pricing may not seem like closely connected topics, but they are connected and will be even more connected in the future. My column in the September Law Practice Magazine is Effective Client Intake and the Rise of Firm Pricers.

Law firms are retooling and reevaluating many of their operations and procedures. How long has it been since you have taken at look at your new client (or new matter for an existing client) intake procedures? . . .

This firm has a philosophy – treat its lawyers like grown ups with no billable hour requirement and other perks. Now they appear to have a problem finding their attorneys.

Who gets the job of tracking the attorneys? Their assistants, of course. Will this encourage a great working relationship between the assistants and their supervising attorneys? Probably not.

How long do you think this pilot program will last, and will other firms follow their example? -CCE

Wachtell, Lipton, Rosen & Katz will start a pilot program next week, requiring its assistants to report the status and location of the firm’s attorneys each morning, according to an internal memo leaked to the legal blog Above the Law.

Still unknown: how Wachtell plans to use the information it gathers?

From the memo: ‘The lack of awareness of the status and/or location of our colleagues results in staffing and work-related complications and other concerns.’

It also explained the process. The assistants would have an icon on their computers that would include a variety of options, such as ‘working from home,’ ‘traveling on business,’ and ‘leave of absence,’ and they will be required to input the status and location of their assigned attorneys. . . .

For years, law firms have talked about going “paperless.” It took some time to catch on. Scanners were sometimes more trouble than they were worth. It took money and many hours to convert all the files to a paperless system. It sounded like a good idea, but not everyone was convinced.

Things have changed. These days, going paperless makes good sense and good economics. No more filing or indexing pleadings? I can live with that.

This post from Rocket Matter makes good sense. If you decide to go that route, do not start until you look into file naming conventions. Pick one that is logical and easy to understand. Now you are on your way. -CCE

While putting together the Paperless Law Office E-Book, we thought, who better to learn from than a firm who went through the process? So we interviewed Andrew Kucera who was instrumental in helping move six-person Cuttone & Kucera, PC (now, Cuttone & Associates), a real estate and business law firm in Fresno, California, to a paperless operation. . . .

For the last decade, I’ve been compiling a list of ‘rules’ for client management based on very personal, subjective reactions to things that happened to me, mainly in the business world. I was partly inspired by NASA’s 100 rules for project managers.

I always meant it to be very personal and some of the rules relate to very specific things that happened to me. But I realised that with proper scrubbing it might be interesting for you too. . . .

My guess is that most people who use a smart phone access some kind of confidential information, such as your bank account or conversations with a client or the office. If you do not have a PIN lock on your smart phone, this truly is special kind of stupid.

This is not a hard one to understand. If you use your cell phone to communicate with clients, sync your phone to your office computer and docket, or attach yourself to your office and confidential information – without taking simple, basic security measures – you are inviting a dangerous breach of confidentiality. -CCE

44% of respondents say it’s too much of a hassle, new survey reports.

People put a lot of sensitive info on their phones, but they often give little though to how secure their data is. In a survey by a security company, over half of the respondents said they didn’t bother with a PIN lock. This takes on a whole new dimension when you begin to understand how many of these people keep corporate data on the device.

Losing an unlocked phone can be far worse than losing a wallet. Emails on the device alone can reveal a wealth of information about the person, including where they bank, where they live, names of family members, and more. If company email is on the device, and it often is, there can be competitive information, salaries, system passwords, etc. If any of those emails contain links, often clicking on it will take you into the website, be it Facebook or a corporate portal.

According to Confident Technologies, 65% of users have corporate data on their phone, even though only 10% actually have a corporate issued device.

For that majority that don’t lock their phone at all, 44% said it is too much of a hassle to lock it and 30% said they weren’t worried about security. These are likely the same people that store things like social security numbers, passwords, and other sensitive information in text files or basic note applications. They may even store their computer’s password on a Post-It Note in their center desk drawer. . . .

Your office may run perfectly – or so you think. We all have room for improvement. The same goes for the workplace. You may feel that, if there are any changes needed, you’ll make that decision. Fair enough. But is it possible that someone else at your office may have an idea you haven’t considered? You won’t know unless you ask. -CCE

What I’m about to ask you to do may initially seem like madness for an hourly lawyer, but I argue that it’s madness NOT to do it.

For the love of all that’s holy, PLEASE spend a day or two (even three) a year, locked in a room away from your office with the most important people in your law firm.

You need a yearly planning meeting like the one I describe below, and without it you’re spinning in circles without a navigation system. You won’t know where you’re going or when you’ve arrived.

Your annual planning meeting is the most critical conversation you will have all year for your law firm. When well-executed, you will emerge with a blueprint for the future direction of your firm. You’ll lay out concrete initiatives and goals that will, in turn, drive quarterly plans, which trickle down to your everyday to-do list.

Thought of in reverse, every activity you engage in on a daily basis should support a quarterly objective which is derived from the road map you draw in your annual offsite meeting. . . .

This one seems like a no-brainer, but I suspect many lawyers and paralegals alike have not realized the danger in this practice. -CCE

As a general rule, you should not CC your clients on emails.

First, because it gives every other recipient a chance to communicate directly with your client. In fact, it looks like an invitation to do so. Opposing counsel should know better, but even they might use Reply All accidentally, accidentally-on-purpose, or maybe even intending — albeit misguidedly — to be helpful.

In the case of recipients who are not bound by the rules of professional responsibility, you can hardly be surprised if they take the inclusion of your client’s email address as an invitation to keep them in the conversation or communicate with them directly. And remember that the recipient might forward your email, giving anyone not already included the chance to do so. This could be harmless if your email is related to a friendly business transaction. It could also be disastrous.

Don’t forget that clients can make mistakes, too. Even if you BCC your client to avoid the above problems, it could be your client who uses Reply All.

Second, part of your job is to counsel your client, which is difficult to do without providing at least a sentence or two of summary or context or explanation. If all you do is CC your client on every email (or forward every email with little more than “FYI”), you are missing a chance to do your job.

The better practice is usually to wait until the end of the discussion (or at least a decision point), so you can bring your client up to speed with a brief summary, some context, your analysis, the options you need to discuss, etc. Go ahead and include all the back-and-forth if you like, but don’t just hand it off. It is safe to assume given the fact of your representation that your client wants you to use your legal acumen to help them understand what is going on.

So don’t CC your client. There are certainly some exceptions to this ‘rule,’ or times when it doesn’t really matter. But at a minimum you should think twice before adding your client to the CC or BCC field of an email you are about to send.

The Chinese army knows this vulnerability and attacks American employees every day to steal trade secrets and gain commercial advantage for Chinese businesses.

Criminal hackers can cause tremendous damage, whether trained in China or not. If a high level expert, such as any member of China’s elite Unit 61398, aka Comment Crew, gets into your system, they can seize root control, and own it. They can then plant virtually undetectable back doors into your systems. This allows them to later come and go as they please. . . .

‘123456’ is finally getting some time in the spotlight as the world’s worst password, after spending years in the shadow of ‘password.’

Security firm Splashdata, which every year compiles a list of the most common stolen passwords, found that ‘123456’ moved into the number one slot in 2013. Previously, ‘password’ had dominated the rankings.

The change in leadership is largely thanks to Adobe, whose major security breach in October affected upwards of 48 million users. A list of passwords from the Adobe breach had ‘123456’ on top, followed by ‘123456789’ and ‘password.’ The magnitude of the breach had a major impact on Splashdata’s results, explaining why ‘photoshop’ and ‘adobe123’ worked their way onto this year’s list.

Fans of ‘password’ could reasonably petition for an asterisk, however, given that the stolen Adobe passwords included close to 100 million test accounts and inactive accounts. Counting those passwords on the list is kind of like setting a home run record during batting practice. Don’t be surprised if “password” regains the throne in 2014. . . .

If you wondered whether any main specific websites are affected, such as Yahoo, this list will help you. It will also help explain the Heartbleed bug, and why you should pay attention to what it is. If you want to know whether your specific bank was compromised, this list may not answer all your questions. So, if you’re not sure whether you should change your password, go ahead and do it.

Even better, find a password manager in this list of the best of the best from PC Magazine by Neil J. Rubenking — http://www.pcmag.com/article2/0,2817,2407168,00.asp. If you use one password for more than one website — and lots of people do — this is a good solution and a wise move regardless of the Heartbleed bug. -CCE

Is there anything more frustrating than trying to find a document on the computer when everyone names files any old way they want? File naming conventions do not have to be difficult. A few simple, logical rules used consistently by everyone is usually sufficient. In bigger companies where electronic discovery is a way of life, strict requirements for consistent file naming conventions are a must.

I am a fan of what I call “one stop clicking.” By that, I mean that I can tell by reading the name of the saved file whether it is the document I need. I want file naming conventions that are specific enough to identify what the document is, who wrote it, the date of the document, and what it is about. Repeatedly opening and closing documents to find what I want is a waste of billable time.

If necessary, create a list of acceptable abbreviations for everyone to use – no exceptions! But, if you do, please keep it simple and logical. There is no reason to re-invent the wheel or make this more difficult.

Here is a list of file-naming conventions. Regardless of whether your firm has already created file-naming conventions, you might want to look over the different versions below. Who knows? You might find a better idea for the system you are using now. -CCE

Did you know that some copying machines have hard drives and store digital copies of the copies they have made? Or that the hard drives could even contain 25,000 copies that have been made? Copier + Hard Drive: A Dangerous Combination.

Lawyers are used to discovering e-mail, but now what about using discovery to find copies that a opposing party made over time? Wouldn’t you like to be at your opponent’s office and see the originals of all the copies that were being made?

How much time is wasted prioritizing ever-changing deadlines, projects, and e-mail? As always, Mr. Calloway provides common sense approach to time management, including management of e-mail, to-do lists, and more. -CCE

Time management is a challenge for us all these days. There are so many more distractions and so many more electronic avenues for assignments to come our way. It is a constant struggle to maintain productivity and a constant goal to improve. Missing a calendar entry can be critical in a law firm, so we live by our calendars. But making certain that critical tasks are completed promptly is equally important. Many lawyers put critical to-do items or deadlines on their calendars, even though they should be in a task list.

Ethics in Brief – HIPAA Omnibus Final Rule: One Year Anniversary and Impact on Attorneys as Business Associates, by Linda Hunt Mullany, Ofer Barley, and Charles Berwanger, of Gordon & Rees LLP, for Ihe San Diego County Bar Association

January 25, 2014 marks the one year anniversary of the publication of the long-awaited omnibus final rule (“Final Rule”) by the Office of Civil Rights of the U.S. Department of Health and Human Services (“OCR”). The Final Rule implemented many proposed regulations, and addressed other provisions of the Health Insurance Portability and Accountability Act of 1996 (“HIPAA”) in accordance with the Health Information Technology for Economic and Clinical Health Act (“HITECH Act”). This article addresses the most pertinent changes affecting attorneys as business associates who receive protected health information (“PHI”) from a covered entity. Please note that additional requirements by state-specific privacy laws may apply.

* * *

What This Means to Attorneys as Business Associates Going Forward
The extension of the covered entity’s responsibilities to business associates now brings possible civil and criminal liability to the forefront. HIPAA civil fines for noncompliance can be up to $50,000 per violation (or a maximum of $1.5 million for repeated violations) depending on the degree of culpability, and criminal penalties may result in up to ten years in prison. When combined with state penalties, these numbers may be even higher, and land an unwary attorney with front-page publicity of the wrong kind. Anyone can file a complaint with the OCR if he or she believes that a violation occurred since the complainant need not be an actual victim. The federal government will then decide whether to investigate and impose a fine or penalty. Separately, noncompliance may also involve state bar discipline for attorney misconduct or causes for legal malpractice and, in California, individual patients can bring private lawsuits when their PHI has been negligently released in violation of state law.

Attorneys as business associates must immediately comply with the HIPAA Security and Privacy Rules. That means that they will need to conduct a security risk assessment and draft a security policy for handling client electronic files that contain PHI. Further, attorneys will need to implement HIPAA privacy policies regarding the use, disclosure, maintenance and destruction of PHI in any form. Finally, if attorneys have not done so already, they are advised to audit their existing BAAs and come into compliance with the updated provisions, especially if they use subcontractors.